TCM recently had a discount code available to get their Practical Ethical Hacking (PEH) course for $1. In the UK this worked out, with taxes, to be about £1.10, which in my mind is an absolute bargain. Bearing in mind that I have over 10 years of experience in IT Infrastructure and about a year fumbling through Ethical Hacking courses, I thought I'd give my thoughts on the course so far, as I've just completed the Capstone section.
The initial sections of the course, Network Refresher, Setting Up Our Lab, Introduction to Linux and Introduction to Python, are very basic; I get the feeling that this part of the course is designed for anyone who doesn't have any experience in Networking, Linux or Python. I suppose, based on the fact that most of them say "Introduction", that's about right. They are good in their content, but if you've already got experience in these technologies you can pretty much skip the entire section. I found a few bits to be useful reminders, like Tuples in Python being immutable.
The next section was the first part of the hacking lifecycle, Reconnaissance. This was quite a good section as it introduced tools available on the internet that you do not get introduced to by using services such as TryHackMe. Whilst TryHackMe does have some OSINT rooms, I never really walked away from completing those rooms feeling like I learned something, whereas I did with this, as Heath takes you through what you're looking for and why.
Scanning & Enumeration is the next section, which again, if you've not done any sort of Hacking/Pen Testing/Red Teaming, is a great introduction to some of the basics. I really like the emphasis that Heath puts on this section and Reconnaissance as, like him, I believe it's the most important: having as much information as possible makes the rest so much easier. I would say that Nessus scanning is included in this section as well, but TCM/Heath has given it its own section, and rightly so. Nessus is a monster and a wonderful tool, but it is part of enumeration.
The final section before the Capstone is Exploitation. Again, not too much here that I hadn't seen before, but understanding the difference between staged and non-staged payloads was great, as it also explained why sometimes, when using things like Metasploit, the exploits don't work with one type of payload but work with another. You are also taken through the manual exploitation process, which at first glance feels like it's going to be coding your own exploit against a piece of software. Actually, it's just googling until you find an exploit someone else has written, understanding the exploit, and working out how to run it against your intended victim.
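The staged/non-staged distinction the course covers is easy to see in a handshake simulation. The following is an added example written for this page, not code from the course or from the original post. It models the two payload styles the way Metasploit's `reverse_tcp` family behaves: a staged payload (names with a slash, e.g. `windows/shell/reverse_tcp`) is a tiny stager that connects back, reads a 4-byte little-endian length and then that many bytes of "stage" from the handler; a non-staged payload (names with an underscore, e.g. `windows/shell_reverse_tcp`) is complete on its own and just expects the handler to start talking to it. The "stage" and the "command" bytes are constructed sample data, and a local `socketpair()` stands in for the reverse TCP connection so the script runs offline.

```python
"""Staged vs non-staged payload handshake, simulated (added example, not course code)."""
import socket
import struct

# Constructed sample stage. In real life this is the large second-stage payload
# (a full shell, Meterpreter, ...); here it is an arbitrary ~2 KiB byte string.
STAGE = b"constructed-stage:" + bytes(range(256)) * 8
MAX_STAGE = 16 * 1024 * 1024  # sanity cap: a garbage length is rejected, not read
COMMAND = b"whoami\n"         # constructed "command" a handler sends to a ready shell


def recv_exact(sock, n):
    """Read exactly n bytes, raising if the peer closes early."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes")
        buf.extend(chunk)
    return bytes(buf)


def handler_send(conn, staged):
    """Listener side (multi/handler). A staged handler first pushes the stage,
    as 4-byte LE length + bytes, which is what the reverse_tcp stager expects.
    A non-staged handler assumes a complete payload is already running and
    simply starts talking to it."""
    if staged:
        conn.sendall(struct.pack("<I", len(STAGE)) + STAGE)
    else:
        conn.sendall(COMMAND)
    conn.close()


def payload_recv(sock, staged):
    """Victim side. The stager reads a length, then that many bytes, and would
    jump into them. The non-staged payload is complete and just takes its
    first line of input. Returns what was received, or None on a mismatch."""
    try:
        if staged:
            (length,) = struct.unpack("<I", recv_exact(sock, 4))
            if length > MAX_STAGE:
                return None  # the "length" was really something else: wrong handler type
            return recv_exact(sock, length)
        return recv_exact(sock, len(COMMAND))
    except ConnectionError:
        return None
    finally:
        sock.close()


def simulate(payload_staged, handler_staged):
    """Pair one payload style with one handler style over a local socketpair
    (standing in for the reverse TCP connection) and return what the payload got."""
    victim_end, handler_end = socket.socketpair()
    handler_send(handler_end, handler_staged)
    return payload_recv(victim_end, payload_staged)


if __name__ == "__main__":
    for payload_staged in (True, False):
        for handler_staged in (True, False):
            got = simulate(payload_staged, handler_staged)
            kind = lambda s: "staged" if s else "non-staged"
            print(f"{kind(payload_staged):11} payload + {kind(handler_staged):11} handler -> "
                  f"{'stage received' if got == STAGE else got!r}")
```

Only the matching pairs work: stager plus staged handler yields the full stage, non-staged payload plus non-staged handler yields the command. Point a stager at a non-staged handler and the first bytes of `whoami\n` are read as an absurd length, so the stager bails (in the real thing it would sit there or crash, which is the "the exploit just doesn't work" symptom); point a non-staged payload at a staged handler and it receives the length prefix and stage bytes as if they were commands. This is why the `set payload` in `multi/handler` has to match the payload the exploit actually delivered, and why an exploit with limited buffer space may only succeed with the small stager.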
Capstone
So, the Capstone section. In this section you're given five machines to attempt to hack. The idea is you have a go and, in the event you get stuck, they provide a video to go through and work out where you went wrong and why. The five machines in order are Blue, Academy, Dev, Butler and Blackpearl. These machines are supposed to go from basic to harder. I personally found the first two a breeze; Dev I ended up not following my methodology on and went down a rabbit hole on one of the open ports. In other words, explore all ports. Butler was annoying; there's no other word for it. I spent hours on this machine trying to break past the authentication to no avail. I finally gave up after 10 hours and watched the video, and in the end it turned out that whatever I threw at it (in this case the rockyou database) wouldn't have gotten me anywhere. All I will say is to pay attention to the software name; apparently, some administrators like to use something like this for the username and password to a piece of software. I thought this was a bit cheeky, as I've never seen anything like that before in the industry. Blackpearl was a great learning experience and I cracked that in 90 minutes, and after watching all of the videos I believe I got most of the things nailed. Don't forget this isn't a CTF: you need to capture all possible paths of exploitation and privilege escalation in your notes for your report later.
My thoughts
So, my thoughts on this course: it's a great introduction to ethical hacking and so far it's been quite enjoyable to understand some different techniques that people are using. I personally haven't picked up loads, having quite a lot of experience; however, the things I have picked up I believe have made me understand things better, and that can only be a win. I still have Exploit Development (Buffer Overflow), all of the Active Directory (AD) sections, as well as Web Applications and Post Exploitation to do, and I'm really looking forward to it as I've not done much around attacking AD. I'll update this post once I have completed the rest and let you know my thoughts on the second half of the course.